End-of-Life (EoL)

Distributed Database Deployment

In a distributed database deployment, the Cortex XSOAR app server and its databases are installed on separate machines.
This multi-tier configuration enables you to scale your environment and manage load resources. Cortex XSOAR supports two types of multi-tier configurations. In both multi-tier configuration types, there is a single app server.
Although a distributed database deployment might enhance performance, there are various factors that must be considered. This might not be the preferred deployment method for you. Contact your Cortex XSOAR Customer Success manager before you implement a distributed database deployment.
As of Cortex XSOAR v6.5, distributed database deployments are not supported. If you plan to upgrade to Cortex XSOAR v6.5, we recommend Elasticsearch instead of a distributed database.
Using BoltDB for a remote distributed database can cause performance issues when working with large (over 5 MB) incident file attachments. If you anticipate working with large file attachments and a remote distributed database, we recommend using Elasticsearch.

Single database server

When you deploy Cortex XSOAR with a single app server and a single database server, the database server is considered the main database, on which all content is stored.

Multiple database servers

When you deploy Cortex XSOAR with a single app server and multiple database servers, the first database you install is considered the main database and all additional database servers you install are considered secondary nodes.
The main database server maintains all content that is not an incident or related to an incident, such as playbooks, automations, integrations, and so on.
The nodes maintain all incidents and their related data, for example, the playbook used when processing the specific incident or indicators extracted from the specific incident. Incidents are distributed between the different secondary nodes using a round-robin system.
  • You must ensure that ports 443 and 50001 are open from the app server to the database servers. In addition, port 443 needs to be open while you are initially registering a database node.
  • Each database server, main and nodes, must have its own disaster recovery configured.
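The port requirement above can be verified before installation with a pre-flight check run from the app server. The script below is an added example, not part of the Cortex XSOAR documentation or tooling; the function names and the hostnames in the usage comment are hypothetical, and it tests TCP reachability only.

```python
import socket
import sys

# Ports the page requires open from the app server to each database server.
REQUIRED_PORTS = (443, 50001)

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt made from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, but nothing listens on the port
    except socket.gaierror:
        return "unresolved"   # hostname does not resolve from the app server
    except OSError:
        return "filtered"     # timeout or unreachable: likely a firewall drop

def preflight(db_hosts, ports=REQUIRED_PORTS, timeout=3.0):
    """Probe every (database host, port) pair and return {(host, port): state}."""
    return {(h, p): probe(h, p, timeout) for h in db_hosts for p in ports}

def blocked(results):
    """Return the sorted (host, port) pairs that did not accept a connection."""
    return sorted(pair for pair, state in results.items() if state != "open")

if __name__ == "__main__":
    # Usage (hypothetical hostnames): python3 preflight.py db-main db-node1
    results = preflight(sys.argv[1:])
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port} {state}")
    sys.exit(1 if blocked(results) else 0)
```

A "refused" result means the path is open but the database service is not listening yet, while "filtered" points at a firewall or routing rule between the two tiers.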
